redline | 0x0008000000012325-119[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0008000000012325-119.dat
Size

172KB
MD5

6f45641967633cad309590e6619a424f
SHA1

492f32dd821f9fc1da4299c2dc61a75cbd098be5
SHA256

c01d0854874546234d112c73a42c997c8fc2e88c9de010b57fcaabb5ce08a0a5
SHA512

79424a7eda338e90044a420a7c161105c4ae671236b007064ffcf980c5e8828b48534dd88aba55ee34d23efd9f9f65c1369030d77feb4bac5309b434a75dc738
SSDEEP

3072:ofUxyGWY0aG15BbTxNeuRj5mRC7LU8e8h1:oPVqqmRC7LU

Score

10^/10

medo redline

Malware Config

Extracted

Family

redline

Botnet

medo

C2

83.97.73.130:19061

Attributes

auth_value
f42b958077ee5abcccfea8daf5e27d13

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0008000000012325-119.dat

Files

0x0008000000012325-119.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ